﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Security;

namespace ConsoleWebApi.Authorization
{
    public class AllowCrossDomain : System.Web.Http.Filters.ActionFilterAttribute
    {

        public override void OnActionExecuted(System.Web.Http.Filters.HttpActionExecutedContext actionExecutedContext)
        {
            actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
            //Note "*" will allow all - you can change this to only allow tursted domains
        }
    }




    public class ssdsd
    {
        public String Make(String Name, String UserData)

        {
            return FormsAuthentication.Encrypt(new FormsAuthenticationTicket(128, Name, DateTime.Now, DateTime.Now.AddHours(24), true, UserData));
        }
    }



    /// <summary>
    /// 自定义此特性用于接口的身份验证
    /// </summary>
    public class RequestAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// 主钥
        /// </summary>
        private String Master_Key = "F587DB5D-BE14-49FC-8B87-E52C31E4DFB3";
        /// <summary>
        /// 私钥
        /// </summary>
        public String Private_Key = null;


        //重写基类的验证方式，加入我们自定义的Ticket验证
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            //从请求的头里面获取身份验证信息
            //验证
            if (ValidateTicket(actionContext.Request))
            {
                //验证通过
                base.IsAuthorized(actionContext);
            }
            else
            {
                //验证拒绝
                actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.BadRequest, "因为你没带礼物，所以对方并不想和你说话。");
            }
        }

        //校验用户名密码（正式环境中应该是数据库校验）
        private bool ValidateTicket(HttpRequestMessage Request)
        {
            try
            {
                // 确认包含 Authorization
                if (Request.Headers.Authorization == null)
                {
                    return false;
                }
                String Authorization = Request.Headers.Authorization.ToString();
                //彩蛋千千万，主钥。
                if (!String.IsNullOrEmpty(Master_Key) && Authorization == Master_Key)
                {
                    return true;
                }
                //彩蛋千千万，私钥。
                if (!String.IsNullOrEmpty(Private_Key) && Authorization == Private_Key)
                {
                    return true;
                }
                //尝试获取 Account
                IEnumerable<string> Account = null;
                if (Request.Headers.TryGetValues("Account", out Account))
                {
                    //解密Ticket
                    FormsAuthenticationTicket FAT = FormsAuthentication.Decrypt(Authorization);
                    //判断数据是否正常
                    if (FAT.Name == Account.FirstOrDefault())
                    {
                        //返回该密钥是否有效
                        return !FAT.Expired;
                    }
                }
            }
            catch (Exception)
            {

            }
            return false;
        }
    }

}